CVE-2025-11292

CVE-2025-11292 is a command injection vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in an unknown function within the /goform/formBSSetSitesurvey CGI endpoint, where manipulation of the wan_ipaddr argument enables arbitrary command execution. It is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the device. Successful exploitation allows limited impacts, including low-level disclosure of confidential information, modification of data, and denial of service through partial availability disruption. A proof-of-concept exploit is publicly available, facilitating potential attacks against exposed Belkin F9K1015 devices.

No vendor response or patch has been issued despite early disclosure notification, as noted in the vulnerability details. Security practitioners should consult the provided references, including the GitHub repository at https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formBSSetSitesurvey.md (with POC at the #poc anchor) and VulDB entries (https://vuldb.com/?ctiid.327173, https://vuldb.com/?id.327173, https://vuldb.com/?submit.661295), for reproduction steps and further analysis. Mitigation may involve isolating the device, restricting access to the affected endpoint, or upgrading firmware if a patch becomes available.

The exploit's public availability raises concerns for real-world abuse against unpatched Belkin routers still in use.